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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1 , (canceled) 

2. (currently amended) The method of claim [[!]] 6, furthei: comprising: 

for at least one of the plurality of key splits, adding the at least one key split to the 
encrypted object. 
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3. (currently amended) The method of claim [[1]] 6, further 
for at least one of the plurality of key splits, adding reference 
the at least one key split to the encrypted object. 



4. (currently amended) The method of claim [[!]] 6, fiirthericomprising retrieving 
at least one of the plurality of key splits from a storage medium. 

5. (previously presented) The method of claim 4, wherein the storage medium is 
disposed on a smart card* 



CO 

m 
co 



comprising: 

data associated with ^3 
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6. (currently amended) A method of encrypting an object, Comprising: 
combining a plurality of kev splits to generate a cryptographic key; 
initializing a cryptographic algorithm with the cryptographic kev; and 
a pplying the initialized cryptographic algorithm to the objefct to form an 

encrypted object; 

wherein at least one of the plurality of kev splits corresponds at least in part to a 
biometric measurement: and 

The method of olaim 1, wherein combining a plurality of key splits to generate a 
cryptographic key is performed on a smart card, 

7. (currently amended) In a cryptographic system associated with an 
organization, a method of encrypting an object by a user, comprising; 

generating a cryptographic key by combinin g* on a smart card, an organization 
split corresponding to the organization, a maintenance split, a random split, a biometric 
split corresponding to the user, and at least one label split; 

initializing a cryptographic algorithm with the cryptographic key; 
encrypting the object according to the initialized cryptographic algorithm; 
adding combiner data to the encrypted object, wherein the combiner data includes 
reference data corresponding to al least one of the at least one label split 
and the cryptographic algorithm, 

name data associated with the organization, 



PAGE 6/26 * RCVD AT 2/2712006 4:29:43 PM [Eastern Standard Time] * SVR;USPTO-EFXRF«6/24 * DNIS:2738300 * CSID:703 248 9244 ' DURATION (mm-ss):06-58 



Sent By: IP Strategies', P.C.; 



703 248 9244; 



Feb-27-06 5:20PM; 



Page 7 



Application No. 09/388,195 
Amendment dated 02/27 /2006 
Reply to Office action of 10/27/2005 



Page 4 of 23 



at least one of the maintenance split and a maintenance level associated 
with the maintenance split, and 
the random split; and 
storing the encrypted object with the added combiner data. 

8. (previously presented) The method of claim 7, further comprising selecting the 
at least one label split from at least one credential. 

9- (previously presented) The method of claim 8 7 wherein the selected at least one 
label split is encrypted, the cryptographic key is a first cryptographic key, and the method 
further comprises: 

deriving a second cryptographic key from a user ID associated with the user, a 
password associated with the user, and at least one of a unique data instance and a 
random value, and 

decrypting the selected at least one label split with the second cryptographic key. 



10. (previously presented) The method of claim 8, whereinlthe at least one 
credential is retrieved from a memory. 



11. (previously presented) The method of claim 10, wherein the memory is 
disposed on a smart card. 
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1 2. (previously presented) The method of claim 8, further comprising generating 
a time stamp corresponding to a time at which the object was encrypted, wherein the 
combiner data further includes the time stamp. 



13. (previously presented) The method of claim 8, whereirithe combiner data 
further includes a user ID associated with the user. 

14. (previously presented) The method of claim 7, further domprising generating 
a time stamp representing a time at which the object was encrypted; wherein the 
combiner data further includes the time stamp. 



15. (previously presented) The method of claim 7, wherein 
header record. 

16. (previously presented) The method of claim 7, wherein 
further includes one of a digital signature and a digital certificate. 

17. (previously presented) The method of claim 7, wherein 
further includes a digital signature and a digital certificate. 



18. (previously presented) The method of claim 7, wherein Ithe cryptographic key 
is a first cryptographic key, the method further comprising; 



the combiner data is a 



the combiner data 



the combiner data 



PAGE 8/26 * RCVD AT 2/2712006 4:29:43 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-6/24 * DNIS:2738300 * CSID:703 248 9244 1 DURATION (mirws):06-58 



Sent By: IP Strategies/ P.C.; 



703 248 9244; 



Feb-27-06 5:21PM; 



Page 9 



Application No. 09/388,195 
Amendment dated 02/27 /2006 
Reply to Office action of 10/27/2005 



Page 6 of 23 



generating a second cr yplographic key based at least in part* on the at least one 
label split; and 

encrypting the random split with the second cryptographic key, prior to adding the 
combiner data to the encrypted object; 

wherein the random split included the combiner data is the Encrypted random 

split, 

1 9. (previously presented) The method of claim 7, further comprising 
before adding the combiner data to the encrypted object, encrypting at least a 
portion of the combiner data with a header split. 



20. (previously presented) The method of claim 19, whensih the header split is 
constant. 

21. (canceled) 

22. (currently amended) The storage medium of claim 2-1- 2j6> wherein the 
instructions further include: 

for at least one of the plurality of key splits, add the at least one key split to the 
encrypted object. 
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23. (currently amended) The storage medium of claim 24- wherein the 
instructions further include; 

for at l east one of the plurality of key splits, add reference data associated with the 
at least one key split to the encrypted object. 



24. (currently amended) The storage medium of claim H 26, wherein the 
instructions further include; 

retrieve at least one of the plurality of key splits from a merhory. 



25. (previously presented) The storage medium of claim 2% wherein at least a 
portion of the memory is disposed on a smart card. 

26. (currently amended) A storage medium comprising insthictions for causing a 
data processor to encrypt an object, wherein the instructions inchidfr 



generate a cryptographic key by combining a plurality of key splits 



initialize a cryptographic algorithm with the cryptographic key: and 



apply the initialized cryptographic algorithm to the object to! 



form an encrypted 



object: 

wherein at least one of the plurality of key splits corresponds at least in part to a 
biometric measurement: and 

Th e s torag e modium of claim 21-, wherein the data processor is distributed, and 
the instruction to generate a cryptographic key is executed at least iii part on a smart card. 
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27. (currently amended) A storage medium comprising instructions for causing a 
data processor to encrypt an object, wherein the instructions inducer 

generate a cryptographic key by combinin g, on a smart car4- an organization split 



corresponding to an organization, a maintenance split, a random spjlit a biometric split 
corresponding to the user, and at least one label split; 

initialize a cryptographic algorithm with the cryptographic key; 

apply the initialized cryptographic algorithm to the object t^ form an encrypted 

object; 

add combiner data to the encrypted object, wherein the combiner data includes 
reference data corresponding to at least one of the at; least one label split 
and the cryptographic algorithm, 

name data associated with the organization, 
at least one of the maintenance split and a maintenance level 
corresponding to the maintenance split, and 
the random split; and 
store the encrypted object with the combiner data for subsequent access. 



28. (previously presented) The storage medium of claim 27| wherein the 
instructions further include select the at least one label split from at least one credential. 
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29- (previously presented) The storage medium of claim 2$, wherein the selected 
at least one label split is encrypted, the cryptographic key is a first bryptographic key, and 
the instructions further include: 

derive a second cryptographic key from a user ID associated with a user, a 
password associated with the user, and at least one of a unique data instance and a 
random value; and 

decrypt the selected at least one label split with the second Cryptographic key. 



30. (previously presented) The storage medium of claim 2$, wherein the 
instructions further include: I 
retrieve at least one credential from a memory. 



3 1 - (previously presented) The storage medium of claim 30, wherein the memory 
is disposed on a smart card, 

32. (previously presented) The storage medium of claim 28, wherein the 
instructions further include generate a time stamp corresponding to: a time at which the 
object was encrypted, wherein the combiner data further includes the time stamp. 



33. (previously presented) The storage medium of claim 2Jj, wherein the 
combiner data further includes a user ID associated with the user. | 
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34. (previously presented) The storage medium of claim 27, wherein the 
instructions further include generate a time stamp corresponding td at which the object 
was encrypted, wherein the combiner data further includes the tinW stamp. 



35. (previously presented) The storage medium of claim 27, wherein the 
combiner data is a header record. 



36. (previously presented) The storage medium of claim 2% wherein the 
combiner data further includes one of a digital signature and a digital certificate* 



37, (previously presented) The storage medium of claim 2% wherein the 
combiner data further includes a digital signature and a digital certificate. 



38. (previously presented) The storage medium of claim 2% wherein the 
dyptographic key is a first cryptographic key, and the instructions further include: 

generate a .second cryptographic key based at least in part op the at least one label 
split; and 

encrypt, with the second cryptographic key, the random split, prior to executing 
the instruction to add the combiner data to the encrypted object; 

wherein the random split included in the combiner data is die encrypted random 

split. 
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39. (previously presented) The storage medium of claim 27, wherein the 
instructions further include 

prior to executing the instruction to add the combiner data td the encrypted object, 
encrypt at least a portion of the combiner data with a header split; 

40. (previously presented) The storage medium of claim 3% wherein the header 
split is constant. 

41. (currently amended) The method of claim [[!]] 6« wherein combining the 

: 
t 

plurality of key splits includes applying a non-linear function to the! plurality of key 
splits. 



42. (previously presented) The method of claim 41 , wherein the cryptographic 
key is a single-integer cryptographic key. 



43. (currently amended) The method of claim [[1]] 6, wherein the key splits are 
provided by at least one of a policy manager and a credentials manager. 



44. (currently amended) The method of claim [[1]] 6, wherein the cryptographic 
algorithm is a symmetrical algorithm. 
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45. (currently amended) The method of claim {[1]] 6, wherein the cryptographic 
key is a session key. 



46. (previously presented) The method of claim 7, whereiii combining the 
organization split, the maintenance split, the random split, and the at least one label split 
includes applying a non-linear function to the splits 

47. (previously presented) The method of claim 46, wherein the cryptographic 
key is a single-integer cryptographic key. 

48. (previously presented) The method of claim 7, whereiii the organization split, 
the maintenance split, the random split, and the at least one label spjlit are provided by at 
least one of a policy manager and a credentials manager. 

49. (previously presented) The method of claim 7, wherein the cryptographic 
algorithm is a symmetrical algorithm. 

50. (previously presented) The method of claim 7, whereiri the cryptographic 
key is a session key. 
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5 1 . (currently amended) The storage medium of claim £4- £6, wherein combining 
the plurality of key splits includes applying a non-linear function tb the plurality of key 

SplitS. ! 



52, (previously presented) The storage medium of claim 5 \ , wherein the 
cryptographic key is a single-integer cryptographic key. 

53. (currently amended) The storage medium of claim 2i ^6, wherein the key 
splits are provided by at least one of a policy manager and a credentials manager. 



54. (currently amended) Tlte storage mediiunofclaim 3^26, wherein the 
cryptographic algorithm is a symmetrical algorithm, 

55* (currently amended) The storage medium of claim 24- 2[6, wherein the 
cryptographic key is a session key. 

56. (previously presented) The storage medium of claim 27, wherein combining 
the organization split, the maintenance split, the random split, and tfee at least one label 
split includes applying a non-linear function to the splits. 

57. (previously presented) The storage medium of claim 56, wherein the 
cryptographic key is a single-integer cryptographic key^ 
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58. (previously presented) The storage medium of claim 27, wherein the 
organization split, the maintenance split, the random split, and the at least one label split 
are provided by at least one of a policy manager and a credentials manager. 

59. (previously presented) The storage medium of claim 27, wherein the 
cryptographic algorithm is a symmetrical algorithm, 

60. (previously presented) The storage medium of claim 27, wherein the 
cryptographic key is a session key. 
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